Hacker finds McAfee through phone trail

Weeks of international intrigue about the whereabouts of tech millionaire John McAfee ended Tuesday after the internet pioneer made an elementary digital mistake that highlighted the fraught relationship Americans have with what they once quaintly called "the telephone".

That homely communication tool, wired into walls everywhere for the better part of a century, has become an untethered emailer, browser, banker, shopper, movie viewer, music player and - to an extent that few appreciate - digital spy of extraordinary power.

McAfee, 67, who founded the popular antivirus company that bears his name, has been wanted for questioning by police in Belize since a neighbour turned up dead of a gunshot wound near McAfee's beachside home on November 11. The troubled tech savant, insisting that he had no role in the shooting, went on the run and has been taunting police by blog, Twitter and occasional podcast.

Authorities couldn't catch him. But a hacker called Simple Nomad learned McAfee's location shortly after journalists posted an image of him from his supposedly secret locale under the provocative headline: "We are with John McAfee right now, suckers."

Embedded in that image, apparently taken by one of the journalists, was the sort of detailed data routinely collected by smartphone cameras and often transmitted along with images wherever they go - on email, Facebook, online photo albums and, it turns out, to Vice magazine's website.

Simple Nomad, who declined to give any identifying personal details in an email interview, examined the underlying data and quickly learned that McAfee's image emanated from an iPhone 4S at the following location: "Latitude/longitude: 15 39' 29.4 north, 88 59' 31.8 west," at 12:26pm Monday.

That put McAfee in a Guatemalan villa south of the border with Belize. Simple Nomad tweeted the information, generating significant online buzz. McAfee tried to cover his tracks with a blog post in which he claimed to have faked the iPhone data to fool police, but he came clean on Tuesday morning with another post acknowledging that he was in Guatemala and soon would be meeting with a lawyer.

"Yesterday was chaotic due to the accidental release of my exact co-ordinates by an unseasoned technician at Vice headquarters," McAfee wrote in a short item posted with an image of the blue-and-white flag of Guatemala. "We made it to safety in spite of this handicap. I had to cancel numerous interviews with the press yesterday because of this and I apologise to all of those affected."

Simple Nomad was in no mood to gloat about the detective work, saying by email: "McAfee's mistake was talking to the Vice guys, so ultimately his ego is the culprit."

But the case resonated with privacy experts, who long have feared that most owners of smartphones have little idea how much information they collect and how easily it can be shared. Hackers can steal it. Police in many situations can review it for potential evidence. And users can accidentally transmit it, sometimes without even knowing they have done so.

The rules governing the collection of personal data are few and often unclear. There is no firm limit, for example, on how long a mobile phone carrier can keep GPS location data on its users even though many aren't aware that such records are being kept. A poll by the University of California at Berkeley released in July said 46 per cent of Americans thought mobile phone providers should not keep such data, and 28 per cent said it should be deleted after one year.

The "metadata" that's embedded in files is particularly treacherous, said Chris Hoofnagle, a law professor at UC-Berkeley. Businesses made so many accidental releases that several programs now are available to help scrub out comments and deletions in documents that are intended to remain private. Rules in some states govern what information lawyers can use when opposing counsel inadvertently shares private information in metadata fields.

The rapid spread of smartphones has made it even harder for most users to monitor the creation and flow of personal information, Hoofnagle said. "It has trapped a lot of people, this problem. We're often not aware of the metadata that's created."

The McAfee case is all the more striking because of his presumed savviness in handling technology. The iPhone appears to have belonged to one of the journalists, but sophisticated users can alter or delete the metadata that accompanies photographs - something that McAfee could have demanded or done himself before the image was sent to the website. Vice also could have eliminated such data before posting the image online (as it did after Simple Nomad's discovery).

Interest in McAfee's location was intense because of his fame - though he left the antivirus company that bears his name in the 1990s - and the bizarre details of his life, which by various reports included sexual exploits, drug experimentation and a range of unusual business ventures. News stories, some of which McAfee has denied, have portrayed a frenzied, paranoid genius with a knack for extravagant fabrications that he later dismisses as pranks.

He has denied any role in the death of Gregory Faull, 52, while expressing fear of the police in Belize.

McAfee sounded a conciliatory note in a blog post Tuesday afternoon announcing that he has hired a prominent lawyer who is the uncle of his latest girlfriend. He apologised for previous blog posts in which he gave out misleading information while seeking to evade police.

To the authorities from Belize, he offered to discuss the death of his neighbour - but only by phone.

The Washington Post

This story was found at: http://www.theage.com.au/technology/technology-news/hacker-finds-mcafee-through-phone-trail-20121206-2awkx.html